Cheat Engine - The Official Site of Cheat Engine
Cr0w (Newbie cheater, Reputation: 0), Joined: 09 Oct 2014, Posts: 10
Posted: Sat May 23, 2020 8:36 pm    Post subject: Grab an address from a register after AOB-ing an instruction
Is this possible? I've been using AOB injection to do things like grab instructions that modify HP and such, but when I look at the debugger one or more of the registers for that instruction contains the base address for a data structure I would like to be able to register as a symbol so I can add offsets to it so I have access to all the pertinent things I want to change without going after them individually.
All the tutorials show me I'm supposed to be AOB-ing the address itself, not an instruction that modifies said address, but if the address I'm looking for is in, say, EDX at the time the instruction is called, can't I grab it then and stick it to a symbol? Or am I barking up the wrong tree here?
Code:
[ENABLE]
aobscan(INJECT,29 82 90 03 00 00)
alloc(newmem,$100)
alloc(P1,$4)
registersymbol(P1)
label(code)
label(return)

newmem:
code:
  mov [P1],edx            // this is essentially what I wanna do
  sub [edx+00000390],eax  // original code, edx+390 is current HP
  add [edx+00000390],eax  // I added this line to reverse the dmg
  jmp return

INJECT:
  jmp newmem
  nop
return:
registersymbol(INJECT)

[DISABLE]
INJECT:
  db 29 82 90 03 00 00

unregistersymbol(INJECT)
unregistersymbol(P1)
dealloc(P1)
dealloc(newmem)
The debugger says EDX, ESI, & EBX all contain the address I'm looking for. I just want to save that address to a registered symbol. What am I doing wrong?
ParkourPenguin (I post too much, Reputation: 140), Joined: 06 Jul 2014, Posts: 4299
Posted: Sat May 23, 2020 9:29 pm    Post subject:
The search term you're looking for is "injection copy".
That code looks fine, more or less. I'd reorganize the script to look like this:
Code:
[ENABLE]
aobscan(CopyHealthInject,29 82 90 03 00 00)
alloc(newmem,$800)
alloc(P1,$4)
label(return)
registersymbol(P1)
registersymbol(CopyHealthInject)

P1:
  dd 0  // pedantic and unnecessary, but not a bad habit

newmem:
  mov [P1],edx
  // sub [edx+00000390],eax
  jmp return

CopyHealthInject:
  jmp newmem
  nop
return:

[DISABLE]
CopyHealthInject:
  db 29 82 90 03 00 00

unregistersymbol(CopyHealthInject)
unregistersymbol(P1)
dealloc(P1)
dealloc(newmem)
If you have more than one script that registers the symbol INJECT, they'll interfere with each other. It's best to give unique names to injection points. Beyond that, I don't immediately see anything wrong with your script.
Perhaps the game didn't execute the code yet? It's not like executing the AA script will immediately populate the P1 symbol. A code injection just changes code. The game still has to run it in order for the changed code to do anything.
Also check and make sure the original instruction only accesses the address of your health (right click in disassembler -> "find out what addresses this instruction accesses"; play around in game a while and see what comes up).
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Cr0w (Newbie cheater, Reputation: 0), Joined: 09 Oct 2014, Posts: 10
Posted: Sun May 24, 2020 11:30 am    Post subject: Solved!
Thanks ParkourPenguin, that was just what I needed. I tried activating the script and taking damage to force the instruction to be called and the register populated properly. Thanks for helping me get over this roadblock! Seems to be working for establishing my offset tree. Cheers!